Skip to main content

Introduction

Refix (including Refix Analytics and Prism) is committed to protecting the privacy and security of our users’ data. This policy outlines our practices and commitments in relation to data protection and privacy, in compliance with the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation enacted by the European Union (EU) that requires organizations to safeguard personal data and uphold the privacy rights of individuals in EU territory.

Refix’s GDPR Compliance

Refix is fully compliant with the GDPR framework. We are committed to:
  1. Minimizing data collection
  2. Ensuring data security
  3. Respecting user privacy
  4. Providing transparency in our data practices

Refix as a Data Controller

Refix acts as a Data Controller for the personal information provided by our customers to use our service (e.g., registration information). We do not sell personal data to third parties or use it for marketing purposes without explicit consent.

Refix as a Data Processor

When our customers use Refix to collect data about their website visitors, Refix acts as a Data Processor. We process this data according to our customers’ instructions and in compliance with GDPR. We use as minimal amount of sub-processors as possible. Here is the full list:
ServiceUsageGDPR Compliance
StripePayment processing and subscription managementLearn more
ClerkUser authentication and managementLearn more
LoopsEmail communication and marketing automationLearn more

User Data & Connected Integrations

We collect minimal data to provide our service effectively. This includes data from SaaS integrations you explicitly connect to Refix.
Data PointDescription
Connected SaaS DataData fetched from integrations (like Google Drive, BigQuery, Analytics) to answer user queries and generate insights.
Unique user identifierA randomly generated ID stored locally in the user’s browser to distinguish individual visitors anonymously.
Page viewsURLs of pages visited on our platform
Device informationBrowser, operating system, and device type
We do not use cookies or collect any personally identifiable information from your end-users.

Google API Services User Data Policy

Prism’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained from Google Workspace APIs (Drive, Gmail, etc.) is not used to develop, improve, or train generalized or third-party AI models.

Google Workspace & Cloud Integrations

Our application integrates with specific Google Workspace and Cloud services to provide enhanced analytics and knowledge retrieval capabilities. We request the minimum necessary permissions (scopes) to fulfill these features.

Scopes and Usage

ScopePurpose
../auth/bigquery.readonlyUsed strictly to fetch event data for anomaly detection and insight generation.
../auth/analytics.readonlyUsed to aggregate traffic signals and cross-reference them with revenue/support data.
../auth/drive.readonlyUsed to index internal documentation to answer user questions with organizational context.
We access this data only after you have explicitly granted permission through Google’s OAuth 2.0 authentication process.

Revoking Access

You can revoke Refix’s access to your Google data at any time through your Google Account Settings or directly within the Refix platform’s Integrations settings.

AI & Third-Party Processing

Refix employs Large Language Models (LLMs) to process data and generate natural language insights, summaries, and answers.
  • Providers: We utilize trusted LLM providers such as OpenAI and Anthropic for generative capabilities.
  • Data Usage: Data fetched from your connected integrations (e.g., text from Drive documents, statistics from BigQuery) is sent to these providers solely for the purpose of generating the requested insight or answer.
  • Privacy Constraints: This data is transient (processed and then discarded) or stored only within your private “Prism Knowledge Graph” to enable context-aware retrieval. Your data is never shared with other customers and is not used to train our providers’ generalized models.

Data Retention & Storage

  • Refix Knowledge Graph: We cache metadata and specific generated insights in the “Refix Knowledge Graph” to provide the service (e.g., to allow you to search your previous queries or fast-access metrics).
  • No Mirroring: We do not permanently mirror or replicate your entire BigQuery database or Google Drive file system. We only store the specific data points or document chunks necessary to answer your queries.
  • General Retention: We retain user account data only for as long as necessary to provide our service. Users can request total deletion of their account and associated data at any time.

Data Storage and Security

  • All data is encrypted and stored on servers located within the European Union.
  • We use industry-standard security measures to protect your data.
  • We regularly perform backups to prevent data loss.

User Rights

Under GDPR, you have the right to:
  1. Access your personal data
  2. Rectify inaccurate personal data
  3. Erase your personal data
  4. Restrict or object to processing
  5. Data portability
To exercise these rights, please contact us at [email protected].

Changes to This Policy

We may update this policy from time to time. We will notify users of any significant changes.

Contact Us

If you have any questions about this policy or our data practices, please contact us at: Email: [email protected] Last updated: 9th January 2026